On Sun, Oct 31, 2010 at 9:49 AM, Kiran Ayyagari <[email protected]> wrote:
> hello dev,
>
> Currently we don't have a feature to automatically hash the passwords before
> storing them, I would like to propose that we should add this feature.
>
> I would like to add a new interceptor to support this feature:
>
> 1. It is easy to enable/disable without adding some more config options
>    to DirectoryService
>

+1

> 2. We can place at the appropriate position in the interceptor chain so that
>    changelog and journals will also have the same password as the DIT
>

+1

> We currently support the following hashing algorithms
> SHA, SSHA, MD5, SMD5, Crypt, SHA-2 (256, 384, 512 along with their
> salted counterparts)
>

Should be sufficient.

> Studio might need to change its 'password change' screen by adding an option
> to send the plain text password though the original password is hashed.
> (AFAIU currently studio hashes on the client side and sends)
>
> thoughts?
>

Thanks for taking this on Kiran. Any bit of additional security is great. I know you've thought through all the relevant implications this might have with any other authentication mechanisms we have.

--
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu
